“The platform we have uses big data analytics and machine learning in the cloud to process and find all of the unknown malware, make it known and be able to block it,” says Scott Stevens, SVP, Global Systems Engineering at Palo Alto Networks. “We find 20-30 thousand brand new pieces of malware every day. We’re analyzing millions and millions of files every day to figure out which ones are malicious. Once we know, within five minutes we’re updating the security posture for all of our connected security devices globally.”

We Find 20-30 Thousand New Pieces of Malware Every Day

There are two ways to think about artificial intelligence, machine learning, and big data analytics. The first is, if we're looking at how we're dealing with malware, finding unknown malware and blocking it, we've been doing that for years. The platform we have uses big data analytics and machine learning in the cloud to process and find all of the unknown malware, make it known and be able to block it.

We find 20-30 thousand brand new pieces of malware every day. We’re analyzing millions and millions of files every day to figure out which ones are malicious. Once we know, within five minutes we’re updating the security posture for all of our connected security devices globally.

Whether it's endpoint software or it's our inline next-gen firewalls, we're updating all of our signatures so that the unknown is now known and the known can be blocked. That's whether we're watching to block the malware coming in or the command-and-control that's using DNS and URL to communicate and start whatever it's going to do. You mentioned crypto lockers, and there are all kinds of things that can happen. That's one vector of using AI and ML to prevent the ability for these attacks to succeed.

Machine Learning Uses Data Lake to Discover Malware

The other side of it is how we then take some of the knowledge and the lessons we've learned from what we've been doing now for many years in discovering malware and apply that same AI and ML locally to that customer, so that they can detect very creative and evasive attacks, or that insider threat, that employee who's behaving inappropriately but quietly.

We've announced over the last week what we call the Cortex XDR set of offerings. That involves allowing the customer to build an aggregated data lake, which uses the Zero Trust framework, which tells us how to segment and also puts sensors in all the places of the network. This includes both network sensors and endpoint sensors, as we look at securing the endpoint as well as the network links. Using those together, we're able to stitch those logs together in a data lake that machine learning can now be applied to on a customer-by-customer basis.

Maybe somebody was able to evade because they're very creative, or that insider threat again, who isn't breaking security rules but is being evasive. We can now find them through machine learning. The cool thing about Zero Trust is that the prevention architecture we needed for Zero Trust becomes the sensor architecture for this machine learning engine. You get dual-purpose use out of the architecture of Zero Trust to solve both the inline prevention and the response architecture that you need.